nextcloud ios client app "invalid certificate" bug

[Derridaralalala]

Expected behaviour

iOS App should (a) accept the self-signed certificate, when this is (b) still valid and (c) is added as an accepted exeption certificate during the first set-up of the app.

Actual behaviour

When accessing the iOS app to see/download documents, every two seconds the message appears: "the certificate for this server is invalid" and "Error: unable to download". This happens even if you click on "connect anyway" -> "yes" for several times. It seems to be limited to the iOS version, as desktop client and web-access is working fine. It also worked before nextcloud 17 and/or before an app update. Somebody reported this problem also here.

clear cache and reinstall the app and log-in again from scratch does not help.

Steps to reproduce

install ios app, connect to server (login), try to access a file.

iOS version

13.2.3

App version

2.2.5.1

Server configuration

Operating system:
Ubuntu 18.04.3 LTS (GNU/Linux 4.4.0-142-generic)

Web server:
Apache/2.4.39

Database:
mysql 8.0.18

PHP version:
7.2.18

TLS
TLS 1.3

Nextcloud version: (see Nextcloud admin page)
17.0.1.

[harrydleung]

I encountered this probelm too.Only happens on iOS.Android and Web is fine.
I am using self-sign certificate .

[harrydleung]

Okay,I search for why iOS 13 will fail when using self-sign certificate.It seems iOS needs certificate issued after 1/7/2019 needs to short than 825 days.
https://support.apple.com/en-us/HT210176

[sferia82]

any solution? i have certificate created with letsencrypt and have short than 825 days. it was created in first of january 2020. with 2.25.5 of nextcloud doesn't allow access in ios 13

[harrydleung]

have you trust your self-signed certificate in "settings->genernal->about->certificate trust settings"?you have to enable the trust before ios trust your certificate for real.

[sferia82]

my certificate is not selfsigned. is generated by letsencrypt. Anyway I have the certificate installed and it still doesn't work.

[sferia82]

still here.

[sferia82]

i think its not a problem with certificate because with another app to connect to Webdav of my server works with Iphone. But with nextcloud app not.

[sferia82]

and my server with nextcloud app in android works.

[harrydleung]

oh,if your certificate is not self-signed,then i have no idea why it would happens.sorry.

My issue is similar. I have a self signed deployment. On first login it prompts to connect to server anyway. Specify yes. Works ok for a couple of hours.

Then suddenly it just doesn’t go away, constantly prompting me that the certificate is invalid and do I want to connect anyway (every 4 seconds roughly) and won’t go away.

Maybe an option could be added in the app settings to permanately accept an invalid certificate. So it doesn't keep prompting?

[wjentner]

I have this issue as well. To me it occurs periodically after the LE certs are being rotated. The error message disappears when I reset the cache in the app.

[Derridaralalala]

This problem still exists and also affects Nextcloud Talk App (invalid certificate message) v. 8.1.0. Self-signed certificates are not the cause. It seems as if with the nextcloud iOS app (2.25.9.2):

a) the problem is caused by Nextcloud.

b) it is limited to iOS (web access and desktop client work without problems).

b) when the temporary storage/cache is cleared, the problem is solved for a short time, but then reappears.

c) it also affects server certificates that are valid for less than 825 days.

d) the fact that the certificates are self-signed is not the reason for the problem.

e) an update to nextcloud server 18.0.4 and app version 2.25.9.2 does not solve the problem.

f) it affects the downloading of files (start, speed).

g) mobile access to nextcloud via the browser (Safari iOS) works without problems (certificate seems therefore not to be a problem).

[Derridaralalala]

Did someone find a solution?

(@JorisBodin seems like other users experience this as well)

When this will be fixed?
Currently IOS app is unusable with nextcloud with self signed cert.